An original draft of a report by an advisory panel to the Federal Communications Commission, viewed by The Wall Street Journal, endorsed a list of concrete suggestions for major telecommunications and cable companies to tackle the cybersecurity problem. Those measures—which included steps such as controlling which employees have administrative privileges on company networks—weren't backed in the final report, which was released Monday evening.

The United States Telecom Association, whose members include AT&T Inc.,Verizon Communications Inc. and CenturyLink Inc., along with other industry representatives blocked a full endorsement of the list, according to advisers on the FCC panel. In their final report, members of the advisory panel agreed that they lacked consensus on how to protect U.S. telecom networks.

The development may be indicative of the tensions to come as the government looks at tougher oversight of the private sector's cybersecurity defenses. Attacks by foreign hackers led President Barack Obama to issue an executive order in February directing officials to set a cybersecurity framework for key industries. While the FCC isn't directly responsible for that effort, the series of drafts of the report by the commission panel offered a preview of how the debate over that framework could unfold.

Requiring companies to follow a checklist "is likely to be not flexible and not innovative," said Jon Banks, a senior vice president of the Telecom Association. Mr. Banks, whose group represents telecom companies, said the report "illustrates the debate between "prescriptive regulation" or something more like a "public-private partnership."

Some members of the FCC panel disagreed. "Any connection between the FCC and any statement of what needs to be done in cybersecurity appears to be poison to these companies that control the Internet," said Alan Paller, a co-chairman of the group and founder of the Sans Institute, a cybersecurity research and education institute.

Mr. Paller's organization charges for courses based on the list of controls he advocated at the commission.

Verizon and AT&T declined to comment. CenturyLink referred reporters to comments from the Telecom Association.

Many in the security and intelligence community believe Washington should set strict network security standards for major U.S. industries. Foreign hackers have already demonstrated an ability to break into the U.S. power grid and other infrastructure.

Telecommunications companies play a crucial role in cybersecurity because malicious code typically travels over their networks. Major Internet-service providers often work with federal law enforcement to combat cyberattacks.

The companies are cautious about regulation, however, arguing that government standards would be clunky and could make those carrying Internet traffic legally liable for failing to prevent cyberattacks.

The early draft of the FCC panel's report called for adoption of a specific list of cybersecurity fixes, known as the 20 critical security controls, which were developed by cyber experts in concert with the National Security Agency and others. The FCC panel also initially wanted federal regulators to push for a telecom industry group that would create a new set of cybsrecurity guidelines, according to the draft of the report.

The industry, however, viewed another organization for cybersecurity issues as a superfluous layer of bureaucracy, a telecom official said.

Although the early draft referred to "top-level" defense suggestions for the telecommunications industry, no such guidelines exist in the final document.

The FCC panel, officially known as "working group 11" of the FCC's Communications Security, Reliability and Interoperability Council III, lacks regulatory authority. The group of industry representatives and outside security experts was tasked with advising the agency on future action.

Any document that even hints at government-backed standards can make companies nervous. Many see it as the tip of the spear for future regulation. Telecom industry officials said the complexity of their operations means their networks can't simply adopt guidelines designed for all industries.

A coordinated effort by the private sector and the U.S. Chamber of Commerce last year quashed legislation that would have codified voluntary security standards. Lawmakers are already engaging in a similar battle this year as many introduce cybersecurity bills.

Jim Lewis of the Center for Strategic and International Studies, who advises the White House and lawmakers on cybersecurity, said companies have an "objection to giving more regulatory authority to an agency that they may not be comfortable with." But he said some comprehensive rules may be justified.

"A computer network is a computer network," he said. "Of course there will be sector-specific requirements, but for your basic computer stuff, this is applicable across the board."

This copy is for your personal, non-commercial use only. Distribution and use of this material are governed by our Subscriber Agreement and by copyright law. For non-personal use or to order multiple copies, please contact Dow Jones Reprints at 1-800-843-0008 or visit www.djreprints.com.